BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode. Armis Labs has identified eight zero-day vulnerabilities so far, which indicate the existence and potential of the attack vector.

affect all devices running on Android, Linux, Windows, and pre-version 10 of iOS operating systems, regardless of the Bluetooth version in use. This means almost every computer, mobile device, smart TV or other IoT device running on one of these operating systems is endangered by at least one of the eight vulnerabilities. This covers a significant portion of all connected devices globally.

All Android phones, tablets, and wearables (except those using only Bluetooth Low Energy) of all versions are affected by four vulnerabilities found in the Android operating system, two of which allow remote code execution (CVE-2017-0781 and CVE-2017-0782), one results in information leak (CVE-2017-0785) and the last allows an attacker to perform a Man-in-The-Middle attack (CVE-2017-0783).

Examples of impacted devices:

Google Pixel
Samsung Galaxy
Samsung Galaxy Tab
LG Watch Sport
Pumpkin Car Audio System
Google has issued a patch and notified its partners. It will be available for:

Nougat (7.0)
Marshmallow (6.0)
Google has issued a security update patch and notified its partners. It was available to Android partners on August 7th, 2017, and made available as part of the September Security Update and Bulletin. We recommend that users check that Bulletin for the latest most accurate information. Android users should verify that they have the September 9, 2017 Security Patch Level,

This sounds pretty nasty.
I hope we get an update for our Android 5.1 phones (MotoX/X2).
The last Android Security Patch Level I have is 8/1/2016.
If not, the only recourse we have is to turn off Bluetooth, which is not good.
I use wireless headphones, external speakers, car stereo, Tile key fob, etc.

However, getting an Android patch to your phone seems to require actions from Google (done), Motorola (or Samsung in my case) as the manufacturer and Republic Wireless as the service provider.

I don’t know about Motorola, but Samsung seems to have totally dropped the ball and refuses to tell anyone anything (despite being contacted by Armis well before the exploit became public). Republic Wireless seems to know nothing because the manufacturers aren’t talking either.

I don’t expect any updates to the Legacy Phones
Motorola considers them at end of lifetime (plus any OS update would need to be Republic to reassemble a team to test the OS before sending to Sprint Labs for certification (the last OS update took over a year before it was pushed to Republic Moto X)

I’ve been having trouble finding information on End of Support/End of Life of various phones from the manufacturers. Do you have links to this information you can share? Particularly for Samsung and Motorola, since they have been discussed here.

Motorola history since the Moto xz 1st Gen has been 2 years support on flagships, 1-2 years on midline and budget phones,
For flagships 2 years or 2 major is updates seams to be the norm, even Google only guarantee 2 years support on Nexus and pixel phones[even though they may still release an update for older phoned

At Republic Wireless, we’re always excited when a new Android update is on the horizon. We realize that many of our members share this excitement with us so we thought it would be helpful to provide some insight into how these updates are rolled out to your phone.
What are the different types of updates?
There are two main types of Android updates; Maintenance Releases (MR) and Security Maintenance Releases (SMR).
Maintenance Releases (MR) are typically larger updates with things like bug fi…